The patent application refers to the issue of users being required to compromise on the security of their own private keys: “Existing systems do not provide a solution for maintaining security over private keys while still allowing the users to checkout on a merchant page and making payments using their wallets.”

The new system will involve a "key ceremony" which encrypts the users private passphrases into a masterkey during the checkout process. This greatly reduces the risk of keys being stolen during the process. The masterkey encrypts private keys and transactions signing. Once used the key is then deleted.

Processes can be frozen when hacking or identity theft suspected

In the event that a user reports they are being hacked or their identity assumed the system allows administrators to freeze all processes. The patent application notes: “At any point in time after the master key is loaded, the system can be frozen. The system can be unfrozen after it has been frozen using keys from the key ceremony. The checkout process can be carried out when the system is frozen and when the system is unfrozen. The payment process can only be carried out when the system is unfrozen.”

Other websites and services can use payment system through an API

Wikipedia describes an API or application programming interface as follows: "In computer programming, an application programming interface (API) is a set of subroutine definitions, communication protocols, and tools for building software. In general terms, it is a set of clearly defined methods of communication between various components. A good API makes it easier to develop a computer program by providing all the building blocks, which are then put together by the programmer. An API may be for a web-based system, operating system, database system, computer hardware, or software library. An API specification can take many forms, but often includes specifications for routines, data structures, object classes, variables, or remote calls. POSIX, Windows API and ASPI are examples of different forms of APIs. Documentation for the API is usually provided to facilitate usage and implementation."

The Coinbase API will enable the new bitcoin system to be used by other websites and services.The API has two parts. One part will be stored on the Coinbase web service and the other on the user/host server providing an extra security measure. Transactions will be confirmed only if the API key received from the web server matches the key stored by the service. A system such as this that allows secure bitcoin payments through multiple websites could be widely adopted in the cryptocurrency space.

Coinbase's views on patents

Coinbase has applied for numerous patents related to bitcoin in the past. Nine were filed back in 2015 alone. Critics have accused Coinbase of attempting to create a monopoly in bitcoin services. CEO Brian Armstrong has replied to his critics in a blog post: "I’d personally prefer to see a world where software patents don’t exist (I think they hurt innovation, and waste a lot of time/money), but since they do exist, we have to take them seriously. Patents in business are a form of warfare, and it’s a dangerous world out there.

Our ultimate goal in obtaining bitcoin related patents is to keep them out of the hands of bad people, use them defensively to protect Coinbase from patent trolls, and help ensure the bitcoin ecosystem continues to grow."